andreas steffen, 3.10.2011, 2-cryptology.pptx 1 internet security 1 (intsi1) prof. dr. andreas...

Andreas Steffen, 3.10.2011, 2-Cryptology.pptx 1

Internet Security 1 (IntSi1)

Prof. Dr. Andreas Steffen

Institute for Internet Technologies and Applications (ITA)

2 Introduction to Cryptology


What is Cryptology?

Cryptology is a branch of mathematics !!

Cryptology

Cryptography

„Art and science of keeping messages secure“

Cryptanalysis

„Art and science of breaking ciphertext“


Cipher

Cryptography – Basic Terminology

EncryptionEK(P) = C

plaintext

weattackat dawn

P

sorqjzplvnwkghanqd

C

ciphertext

weattackat dawn

P

sorqjzplvnwkghanqd

C

DecryptionDK(C) = P

key K

key K


Cryptanalysis – Fundamental Assumptions

• Attacker knows every detail of the cryptographical algorithm

• Attacker is in possession of encryption / decryption equipment (HW machine or SW implementation)

• Attacker has access to an arbitrary number of plaintext / ciphertext pairs generated with the same (unknown) key.

• Strong cipher: Best attack should be brute force key search!

The security of a cipher should relyon the secrecy of the key only!

Auguste Kerckhoffs, „La Cryptographie militaire“, 1883


Cryptanalysis – Types of Attacks

• Ciphertext-Only Attack• Attacker knows ciphertext of several messages encrypted

with the same key and/or several keys• Recover the plaintext of as many messages as possible or

even better deduce the key (or keys)

• Known-Plaintext Attack• Known ciphertext / plaintext pair of several messages• Deduce the key or an algorithm to decrypt further

messages

• Chosen-Plaintext Attack • Attacker can choose the plaintext that gets encrypted

thereby potentially getting more information about the key

• Adaptive Chosen-Plaintext Attack• Attacker can choose a series of plaintexts, basing the choice

on the result of previous encryption differential cryptanalysis!


How to construct a Secure Cipher?

World War II German Enigma Machine

Thomas Jefferson‘s Cipher Wheel

1 0 1 0 0 1 1 1 0 1 ...


Claude Shannon 1916 - 2001 The Father of Information Theory

• Information Theory• Worked at MIT / Bell Labs• „The Mathematical Theory of

Communication“ (1948)• Maximum capacity of a noisy

transmission channel• Definition of the „binary digit“

(bit) as a unit of information• Definition of „entropy“ as a

measure of information

• Cryptography• Model of a secrecy system• Definition of perfect secrecy• Basic principles of „confusion“

and „diffusion“



2.1 Basic CryptographicPrinciples


Mary Stuart 1516 - 1558Famous Victim of Successful Cryptanalysis

Mary StuartQueen of Scotland

Elizabeth IQueen of England


History of Cryptography - Literature

• History of Cryptography• David Kahn, "The Codebreakers:

The Comprehensive History of Secret Communication from Ancient Times to the Internet",1181 pages, 1996,Scribner Book Company, ISBN 0-684-83130-9

• The Code Book• Simon Singh, "The Code Book : The Science

of Secrecy from Ancient Egypt to Quantum Cryptography", 402 pages, 2000,Fourth Estate, ISBN 1-857-02889-9


ABCDEFGHIJKLMNOPQRSTUVWXYZ

DEFGHIJKLMNOPQRSTUVWXYZABC

Substitution Table - Caesar‘s Cipher

Shannon‘s Principle of ConfusionCaesar Monoalphabetic Substitution Cipher

MESSAGE FROM MARY STUART KILL THE QUEEN

PHVVD JHIUR PPDUB VWXDU WNLOO WKHTX HHQPHVVD JPHVVDPHVVPHP

key = 3 cyclic shifts

ABCDEFGHIJKLMNOPQRSTUVWXYZ

EYUOBMDXVTHIJPRCNAKQLSGZFW

General Substitution Table

26! possible keys

JBKKE DBMAR JJEAF KQLEA QHVII QXBNL BBP


A B C D E F G H I J K L M N O P Q R S T U V W X Y Z plaintext alphabetA B C D E F G H I J K L M N O P Q R S T U V W X Y ZB C D E F G H I J K L M N O P Q R S T U V W X Y Z AC D E F G H I J K L M N O P Q R S T U V W X Y Z A BD E F G H I J K L M N O P Q R S T U V W X Y Z A B CE F G H I J K L M N O P Q R S T U V W X Y Z A B C DF G H I J K L M N O P Q R S T U V W X Y Z A B C D EG H I J K L M N O P Q R S T U V W X Y Z A B C D E FH I J K L M N O P Q R S T U V W X Y Z A B C D E F GI J K L M N O P Q R S T U V W X Y Z A B C D E F G HJ K L M N O P Q R S T U V W X Y Z A B C D E F G H IK L M N O P Q R S T U V W X Y Z A B C D E F G H I JL M N O P Q R S T U V W X Y Z A B C D E F G H I J KM N O P Q R S T U V W X Y Z A B C D E F G H I J K LN O P Q R S T U V W X Y Z A B C D E F G H I J K L MO P Q R S T U V W X Y Z A B C D E F G H I J K L M NP Q R S T U V W X Y Z A B C D E F G H I J K L M N OQ R S T U V W X Y Z A B C D E F G H I J K L M N O PR S T U V W X Y Z A B C D E F G H I J K L M N O P QS T U V W X Y Z A B C D E F G H I J K L M N O P Q RT U V W X Y Z A B C D E F G H I J K L M N O P Q R SU V W X Y Z A B C D E F G H I J K L M N O P Q R S TV W X Y Z A B C D E F G H I J K L M N O P Q R S T UW X Y Z A B C D E F G H I J K L M N O P Q R S T U VX Y Z A B C D E F G H I J K L M N O P Q R S T U V WY Z A B C D E F G H I J K L M N O P Q R S T U V W XZ A B C D E F G H I J K L M N O P Q R S T U V W X Y

HI

T

W

Shannon‘s Principle of ConfusionVigenère Polyalphabetic Substitution Cipher

E

MESSAGE FROM ...

Keyword: WHITE

MESSAGE FROM ...

WHITEWH ITEW

ILALECL NKSI

MESSAGE FROM ...

WHITEWH ITEW

MESSAGE FROM ...

WHITEWH ITEW

I

MESSAGE FROM ...

WHITEWH ITEW

IL

MESSAGE FROM ...

WHITEWH ITEW

ILA

MESSAGE FROM ...

WHITEWH ITEW

ILAL

MESSAGE FROM ...

WHITEWH ITEW

ILALE

MESSAGE FROM ...

WHITEWH ITEW

ILALEC

MESSAGE FROM ...

WHITEWH ITEW

ILALECL

MESSAGE FROM ...

WHITEWH ITEW

ILALECL N

MESSAGE FROM ...

WHITEWH ITEW

ILALECL NK

MESSAGE FROM ...

WHITEWH ITEW

ILALECL NKS

Vigenère square


4 9 1 7 5 3 2 8 6

Extended key:order of columns9! = 362‘880 keys

Shannon‘s Principle of DiffusionTransposition Cipher

MESSAGE FROM MARY STUART KILL THE QUEEN

M E S S A G E F RO M M A R Y S T U A R T

T HE

K I L L

Q U E E N

Plaintext in

Ciphertext out

MOAEE MRQMOAEMOAEE MRQSM TUMOAEE MRQSM TUSAK EMOAEE MRQSM TUSAK EARIE RUHMOAEE MRQSM TUSAK EARIE GYLNMOAEE MRQSM TUSAK EARIE GYLNE SL FTT

Diffusion means permutation of bit or byte positions !

1 2 3 4 5 6 7 8 9 Key = 9 columns

SMTUE SLGYL NMOAE ARIER UHSAK EFTTE MRQ


Data Encryption Standard (DES)Rounds of Confusion and Diffusion

Initial PermutationInitial Permutation Strip Parity (56 bits)

Strip Parity (56 bits)

Key (64 bits)Key (64 bits)

Round 1Round 1

Round 2Round 2

Round 16Round 16

Reverse PermutationReverse Permutation

Plaintext Block (64 bits)Plaintext Block (64 bits)

Ciphertext Block (64 bits)Ciphertext Block (64 bits)


One Round of DES

Expansion PermutationExpansion Permutation

48

P-Box Permutation

P-Box Permutation

S-Box Substitution

S-Box Substitution

32

ShiftShift ShiftShift

48

Compression Permutation

Compression Permutation

FeistelNetwork

56

32

32

Keyi-1Keyi-1Ri-1

Ri-1Li-1Li-1

KeyiKeyiRi

RiLiLi

32

32 5

6



2.2 Plaintext and Key Entropy


Most Cryptoanalytic Attacks base on theRedundancy of Natural Language Texts

E

26

T

18

A

16

O

16

N

14

I

13

R

13

S

12

H

12

high frequency group

D

8

L

7

U

6

C

6

M

6

medium frequency group

P

4

F

4

Y

4

W

3

G

3

B

3

V

2

low frequency group

J

1

K

1

X

1 ½

Q Z

½

rare group

Frequency table of 200 English letters


Georges Perec, „La disparition“, 1969Book of 280 pages without a single letter e

...Anton Voyl n'arrivait pas à dormir. Il alluma. Son Jaz marquait minuit vingt. Il poussa un profond soupir, s'assit dans son lit, s'appuyant sur son polochon. Il prit un roman, il l'ouvrit, il lut ; mais il n'y saisit qu'un imbroglio confus, il butait à tout instant sur un mot dont il ignorait la signification. Il abandonna son roman sur son lit. Il alla à son lavabo ; il mouilla un gant qu'il passa sur son front, sur son cou. Son pouls battait trop fort. Il avait chaud...

Excerpt from „La disparition“ © Editions Denöel


Entropy of the English Language

• Single character statistics• Entropy H = 4 bits / character

• Written English taking into account the full context• Shannon (1950): Entropy H = 0.6 ... 1.3 bits /

character• Simulations (1999): Entropy H = 1.1 bits / character

• What about the entropy of C source code? for (c = 0; c < 256; c++) { i2 = (key_data_ptr[i1] + state[c] + i2) % 256; swap_byte(&state[c], &state[i2]); i1 = (i1 + 1) % key_data_len;}

• Compression before encryption increases security• Good data compression algorithms (e.g. Lempel-Ziv) remove

all redundancy and come very close to the entropy of the plaintext.


Random Passwords with 128 Bits of Entropy

• Digits (0..9): 39 digits 3.3 bits/digits• 39475 10485 98021 43380 05872 49759 70291 2634

• Hexadecimal (0..F): 32 nibbles 4 bits/nibble• 3F8A 84D1 EA7B 5092 C64F 8EA6 73BD F01B

• Alphabet (A..Z): 28 characters 4.7 bits/character• AWORH GHJBP IUCMX MLZFQ TZDOP ZJV

• Alphabet & Digits (A..Z, 0..9): 25 symbols 5.2 bits/symbol• E5RGL UPQ7A 8F3ZP NWTIC 22JBM

• Base64 (A..Z, a..z, 0..9, /, +): 22 symbols 6 bits/symbol• y5GNa Riq92 VCm4Q 1BOKl x0


Shannon‘s Definition of Perfect SecrecyThe One-Time Pad

m bits of plaintext Pwith entropy H(P)

m bits of plaintext Pwith entropy H(P)

Compression AlgorithmC(P) = Z

Compression AlgorithmC(P) = Z

H(P) k m bits of compressed plaintext Z

H(P) k m bits of compressed plaintext Z k bits of ciphertext Ck bits of ciphertext C

One-Time Padk bits of random key K

One-Time Padk bits of random key K

1 0 0 1 1 0 1 0 1 0

0 1 1 1 0 1 1 0 1 1

1 1 0 1 0 0 0 1 1 1

use random key sequenceonly once and then discard it !


open channel

Shannon‘s Model of a Secrecy SystemSymmetric or Secret-Key Cryptosystems

• Same key used for encryption and decryption

• Key must be kept absolutely secret

• Same key can be used for several messages, but should be changed periodically secure key distribution problem!

EncryptionEK(P) = C

plaintext

PDecryptionDK(C) = P

ciphertext plaintext

PC

key K key K

distribution of secret-key over secure channel

andreas steffen, 3.10.2011, 2-cryptology.pptx 1 internet security 1 (intsi1) prof. dr. andreas...

Documents

cryptology cryptography

unknown key

secret key

applied cryptography

practitioners of cryptanalysis

cryptology internet

thorough cryptanalysis

range of possible key